EDR Bypass Challenges

36 challenges across 9 categories. Start with Easy and work your way up.

Category 1: Process Name Evasion

Category 2: Command Line Obfuscation

Category 3: Process Monitoring Bypass

Category 4: Execution Evasion

Category 5: Advanced Bypass

Category 6: API Hook Evasion

Requires --profile flag (e.g. --profile crowdstrike). These challenges target Rule 7’s static import analysis using real EDR hook profiles from Mr-Un1k0d3r/EDRs.

Category 7: ETW Bypass

Target the EDR’s ETW telemetry pipeline. The agent registers a custom ETW provider and trace session — blind it using session manipulation, memory patching, or patchless hooking techniques. See Breaking ETW and EDR and ETW-TI Deep Dive for background.

Category 8: Signature Bypass

Requires --signatures flag (e.g. --signatures signatures/malware_hashes.txt). These challenges target Rule 6’s SHA256-based signature detection.

Category 9: Packer & PE Evasion

These challenges target Rule 9’s PE structure analysis — packer detection, section name matching, and header integrity checks.